Add CTemplar #292

Merged
merged 1 commit into from
Dec 1, 2021

dngray
Member

@dngray dngray commented Nov 11, 2021

Description

Resolves: https://github.com/privacyguides/privacyguides.org/discussions/131
Resolves: privacytools/privacytools.io#1642

Edit: still need to fix logo, for light/dark version

@dngray dngray requested a review from jonaharagon as a code owner November 11, 2021 07:44
@netlify

netlify bot commented Nov 11, 2021

✔️ Deploy Preview for privacyguides ready!

🔨 Explore the source changes: daadf50

🔍 Inspect the deploy log: https://app.netlify.com/sites/privacyguides/deploys/61a789d15bae690008d2fa61

😎 Browse the preview: https://deploy-preview-292--privacyguides.netlify.app

@Mikaela Mikaela added the c:providers service providers and similar centralized/federated services label Nov 11, 2021
Contributor

@Mikaela Mikaela left a comment

This TBD line doesn't seem like it belongs here.

_includes/legacy/sections/email-providers.html (outdated)
@pm4rcin

pm4rcin commented Nov 11, 2021

I have some problems with adding CTemplar.

  1. They had no backup and data loss occurred. There was no e-mail or any information on the front page. I had only a few messages and didn't lose any, but it was enough to close the account. I discovered that it happened accidentally by looking at privacytools GitHub. I wouldn't know about it otherwise. I really liked transparency like e.g. GitLab did with their failure handling and this is the complete opposite. Here's some info:
    🆕 Software Suggestion | CTemplar privacytools/privacytools.io#1642 (comment)
  2. Regarding Tor support, they have disabled it today as reported on their Twitter: Ctemplar Twitter. I have checked it manually and when logging in it redirects to ctemplar.com.

@dngray
Member Author

dngray commented Nov 12, 2021

They had no backup and data loss occurred. There was no e-mail or any information on the front page. I had only a few messages and didn't lose any, but it was enough to close the account. I discovered that it happened accidentally by looking at privacytools GitHub. I wouldn't know about it otherwise. I really liked transparency like e.g. GitLab did with their failure handling and this is the complete opposite. Here's some info:
privacytools/privacytools.io#1642 (comment)

We're aware of this issue and, while it isn't ideal, it does seem that the company has taken some serious steps to make sure it never happens again: https://github.com/privacyguides/privacyguides.org/discussions/131#discussioncomment-1581612

Regarding Tor support, they have disabled it today as reported on their Twitter: Ctemplar Twitter. I have checked it manually and when logging in it redirects to ctemplar.com.

That is unfortunate. As it is with our current recommendations, only Protonmail has a .onion for their web services and you can't use it for setup of a new account (#151). Mailbox.org only uses it for their IMAP/SMTP connections.

@OneWhiteBird

SVG.zip

Edited logos, as requested!

@freddy-m freddy-m marked this pull request as draft November 12, 2021 10:49
@dngray dngray force-pushed the main branch 4 times, most recently from f238a94 to ad74e01 November 20, 2021 10:08
@dngray
Member Author

dngray commented Dec 1, 2021

Regarding Tor support, they have disabled it today as reported on their Twitter: Ctemplar Twitter. I have checked it manually and when logging in it redirects to ctemplar.com.

Still seems to be the case

> GET / HTTP/1.1
> Host: mail.ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion
> User-Agent: curl/7.80.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Wed, 01 Dec 2021 13:15:40 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://mail.ctemplar.com/
<

Worth noting that Protonmail still has this enabled

> GET /login HTTP/1.1
> Host: protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
> User-Agent: curl/7.80.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< date: Wed, 01 Dec 2021 13:18:32 GMT
< last-modified: Sun, 31 Jan 2021 09:41:46 GMT
< accept-ranges: bytes
< content-length: 3309
< vary: Accept-Encoding
< cache-control: max-age=0, no-cache, no-store, must-revalidate
< expires: Wed, 11 Jan 1984 05:00:00 GMT
< set-cookie: Session-Id=Yad2KC3wGVsmJJPzMw5P0QAAAN0; Domain=protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion; Path=/; HttpOnly; Secure; Max-Age=7776000
< set-cookie: Version=default; Path=/; Secure; Max-Age=7776000
< pragma: no-cache
< content-type: text/html; charset=UTF-8
< content-security-policy: default-src 'self'; connect-src 'self' blob:; script-src 'self' blob: 'sha256-eAhF1Kdccp0BTXM6nMW7SYBdV0c3fZwzcC177TQ692g='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://secure.protonmail.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api/reports/csp;
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< expect-ct: max-age=2592000, enforce, report-uri="https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api/reports/tls"
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block; report=https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api/reports/csp
< referrer-policy: strict-origin-when-cross-origin
< x-permitted-cross-domain-policies: none
<

@OneWhiteBird

Regarding Tor support, they have disabled it today as reported on their Twitter: Ctemplar Twitter. I have checked it manually and when logging in it redirects to ctemplar.com.

Still seems to be the case

> GET / HTTP/1.1
> Host: mail.ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion
> User-Agent: curl/7.80.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Wed, 01 Dec 2021 13:15:40 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://mail.ctemplar.com/
<

Worth noting that Protonmail still has this enabled

> GET /login HTTP/1.1
> Host: protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
> User-Agent: curl/7.80.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< date: Wed, 01 Dec 2021 13:18:32 GMT
< last-modified: Sun, 31 Jan 2021 09:41:46 GMT
< accept-ranges: bytes
< content-length: 3309
< vary: Accept-Encoding
< cache-control: max-age=0, no-cache, no-store, must-revalidate
< expires: Wed, 11 Jan 1984 05:00:00 GMT
< set-cookie: Session-Id=Yad2KC3wGVsmJJPzMw5P0QAAAN0; Domain=protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion; Path=/; HttpOnly; Secure; Max-Age=7776000
< set-cookie: Version=default; Path=/; Secure; Max-Age=7776000
< pragma: no-cache
< content-type: text/html; charset=UTF-8
< content-security-policy: default-src 'self'; connect-src 'self' blob:; script-src 'self' blob: 'sha256-eAhF1Kdccp0BTXM6nMW7SYBdV0c3fZwzcC177TQ692g='; style-src 'self' 'unsafe-inline'; img-src http: https: data: blob: cid:; frame-src 'self' blob: https://secure.protonmail.com; object-src 'self' blob:; child-src 'self' data: blob:; report-uri https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api/reports/csp;
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< expect-ct: max-age=2592000, enforce, report-uri="https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api/reports/tls"
< x-frame-options: deny
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block; report=https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/api/reports/csp
< referrer-policy: strict-origin-when-cross-origin
< x-permitted-cross-domain-policies: none
<

Regarding CTemplar, it is correct. Until the CORS issue is fixed, all the API requests using Tor Browser through the .onion domain will not work. So we have decided to redirect the users to our clearnet domain, until it is fixed.
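
The manual check from the comments above, as an added example (not code from the thread or from either provider): it reads a captured `curl -v` transcript and reports whether a request sent to a .onion host was answered there or redirected to a clearnet host. The first two transcripts are abridged from the ones in this thread, the third is constructed, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Abridged from the curl -v transcripts in this thread.
CTEMPLAR = """\
> GET / HTTP/1.1
> Host: mail.ctemplarpizuduxk3fkwrieizstx33kg5chlvrh37nz73pv5smsvl6ad.onion
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: https://mail.ctemplar.com/
<
"""
PROTONMAIL = """\
> GET /login HTTP/1.1
> Host: protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
>
< HTTP/1.1 200 OK
< content-type: text/html; charset=UTF-8
<
"""
# Constructed case: a relative redirect, which keeps the client on the onion host.
RELATIVE = "> GET / HTTP/1.1\n> Host: example.onion\n>\n< HTTP/1.1 302 Found\n< Location: /login\n<\n"


def parse_curl_verbose(transcript):
    """Return (request Host, status code, response headers) from curl -v output."""
    host, status, headers = None, None, {}
    for line in transcript.splitlines():
        if line.startswith("> ") and line[2:].lower().startswith("host:"):
            host = line[2:].split(":", 1)[1].strip().lower()
        elif line.startswith("< HTTP/") and status is None:
            status = int(line.split()[2])
        elif line.startswith("< ") and ":" in line:
            name, value = line[2:].split(":", 1)
            headers.setdefault(name.strip().lower(), value.strip())
    return host, status, headers


def classify(transcript):
    """Say whether a request to a .onion host was answered there or sent elsewhere."""
    host, status, headers = parse_curl_verbose(transcript)
    if not host or status is None or not (urlsplit("//" + host).hostname or "").endswith(".onion"):
        return "not-an-onion-probe"
    if 300 <= status < 400 and "location" in headers:
        # Resolve relative Location values against the request host; only the host matters here.
        target = urlsplit(urljoin("http://" + host + "/", headers["location"])).hostname or ""
        return "redirect-stays-on-onion" if target.endswith(".onion") else "redirect-to-clearnet"
    return "served-on-onion" if 200 <= status < 300 else "http-%d" % status
```

A `redirect-to-clearnet` result means a client that follows the redirect leaves the onion service and connects to the clearnet domain instead.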

@dngray dngray marked this pull request as ready for review December 1, 2021 13:46
@dngray dngray requested a review from freddy-m December 1, 2021 13:46
@dngray
Member Author

dngray commented Dec 1, 2021

I think this one is ready for review/merge.

Member

@freddy-m freddy-m left a comment

LGTM!

@dngray dngray merged commit daadf50 into main Dec 1, 2021
@dngray dngray deleted the pr-ctemplar branch December 1, 2021 14:42
@ghost ghost mentioned this pull request Dec 29, 2021
@ghost ghost mentioned this pull request Jan 15, 2022